534a961e84
Currently in Che there are still a number of requirements in upstream that are not required by the OIDC specification, so that Che still cannot be used with a number of OIDC compliant providers. For example, in order to have Che working with the [`node-oidc-provider`](https://github.com/panva/node-oidc-provider), the following changes were necessary: - Remove the requirement to have the email as a claim in the JWT access token: this is not required the specification and is not supported by a number of OIDC providers. Normally, the Id token contains such claims. So now if the email is not in the JWT token the first time the user connects to Che, ten the email is retrieved from the OIDC provider through its `user-profile` endpoint. - Explicitely specify the the `openid email profile` scope when requesting the access token. Because OIDC providers, when answering to the `userInfo` endpoint, are expected to return claims that corresponds to the scopes of the access token. So if an access token has the `openid` scope only, the `userinfo` might return no claim at all (according to the specification). Until now it was working since keycloak allows adding claims to the returned tokens anyway. - Allow supporting fixed redirect Uris: most OIDC providers support having a list of redirect URIs to come back to after the authorization step. But these authorized Uris don't necessarily support wildcards or prefix. Che doesn't support this currently, and these changes introduce 2 fixed callback HTML pages that redirect to the Dashboard / IDE URL of the final page we want to come back to after authentication. This makes Che compatible with more OIDC providers We introduced a new boolean property to enable / disable fixed redirect URLs: `che.keycloak.use_fixed_redirect_urls` whose default value is `false` - The previous points required some light changes in the Keycloak Javascript adapter file, that we will submit as a PR to the Keycloak project. I, the meantime the `OIDCKeycloak.js` file is still used, but has been updated to be now based on the `keycloak.js` file of the last `4.5.0-final` Keycloak release. This will make this Keycloak PR easier to get accepted. Please keep in mind that this version upgrade only impacts the alternate OIDC provider case: when using a real Keycloak server, Che *always uses the `keycloak.js` file provided by the Keycloak server*. Signed-off-by: David Festal <dfestal@redhat.com> |
||
|---|---|---|
| .. | ||
| che-core-dyna-provider-generator-maven-plugin | ||
| che-core-ide-api | ||
| che-core-ide-app | ||
| che-core-ide-generators | ||
| che-core-ide-stacks | ||
| che-core-ide-templates | ||
| che-core-ide-ui | ||
| che-core-orion-editor | ||
| che-ide-core | ||
| che-ide-full | ||
| che-ide-gwt-app | ||
| commons-gwt | ||
| gwt-logger | ||
| README.md | ||
| pom.xml | ||
README.md
Che IDE
- Making a GWT library for the IDE GWT app
- Including an IDE plugin to the IDE GWT app
- GWT Super DevMode
- Extending IDE GWT app
Making a GWT library for the IDE GWT app
GWT library it's a JAR that contains compiled classes, project's (re-)sources, GWT module descriptor (*.gwt.xml) and possibly other GWT-specific files.
pom.xml
To make a GWT library (e.g., IDE plugin) for using it in IDE GWT app just do the two steps in your pom.xml:
- add the
gwt-maven-pluginconfiguring GWT module name:<plugin> <groupId>net.ltgt.gwt.maven</groupId> <artifactId>gwt-maven-plugin</artifactId> <extensions>true</extensions> <configuration> <moduleName>org.eclipse.che.plugin.python.Python</moduleName> </configuration> </plugin> - set packaging to
gwt-libwhich triggers a Maven lifecycle that will build agwt-libartifact.
*.gwt.xml
Project's *.gwt.xml file is generated within the gwt-lib Maven lifecycle and contains:
- the declarations for the default source folders:
<source path="client"/> <source path="shared"/> <super-source path="super"/> <inherits/>directives for the project's direct dependencies which were packaged as agwt-lib.
Optional template may be provided in src/main/module.gwt.xml for generating project's *.gwt.xml file.
The most common cases when you may require a template:
- need to override the default source folders, like here;
- need to add
<inherits/>directive for a GWT lib that isn't packaged as agwt-libartifact (doesn't contain GWT-specific meta information).
Consuming the shared libraries
The shared libraries don't require any GWT-specific files or configuration in pom.xml to be consumed by a GWT library.
To use shared code in a GWT library:
- declare a dependency on the "normal" artifact (JAR with compiled classes);
- declare a dependency on the "sources" artifact (with
<classifier>sources</classifier>).
See an example here.
Including an IDE plugin to the IDE GWT app
Just add a Maven dependency on the appropriate artifact (gwt-lib) to the che-ide-gwt-app's pom.xml.
In case the added artifact represents Che's sub-project, dependency should be declared with <type>gwt-lib</type> or <classifier>sources</classifier> to be able to use it with Super DevMode.
GWT Super DevMode
There are two options available to launch GWT Super DevMode, depending on the state of the Che sources: whether it's built or not since a lot of sources are generated during the Maven build.
- Case 1: Che sources have been already built. Use the following command:
mvn gwt:codeserver -pl :che-ide-gwt-app -am -Dmaven.main.skip -Dmaven.resources.skip -Dche.dto.skip -Dskip-enforce -Dskip-validate-sources
- Case 2: Che sources haven't been built, e.g. freshly cloned or after executing
mvn cleanor you just don't need to build the whole project. Use the following command:
mvn gwt:codeserver -pl :che-ide-gwt-app -am -Dskip-enforce -Dskip-validate-sources
The second one requires more time to launch GWT CodeServer since the second one it executes process-classes build phase for each maven module. So using the first command is preferable.
Note, both commands have to be performed in the root folder of the Che project.
Extending IDE GWT app
There're two GWT libraries provided which allows you to easily extend IDE GWT app: Basic IDE and Full IDE.
Basic IDE represents IDE without any plugins. It allows you to compile IDE GWT app with your own IDE plugins only, e.g.:
<dependencies>
<dependency>
<groupId>org.eclipse.che.core</groupId>
<artifactId>che-ide-core</artifactId>
</dependency>
<dependency>
<groupId>my.ide.plugin</groupId>
<artifactId>my-ide-plugin</artifactId>
</dependency>
</dependencies>
Full IDE represents IDE with full set of the standard plugins. It allows you to compile IDE GWT app excluding some of the standard plugins and/or including your own IDE plugins, e.g.:
<dependencies>
<dependency>
<groupId>org.eclipse.che.core</groupId>
<artifactId>che-ide-full</artifactId>
<exclusions>
<exclusion>
<artifactId>che-plugin-product-info</artifactId>
<groupId>org.eclipse.che.plugin</groupId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>my.ide.plugin</groupId>
<artifactId>my-ide-plugin</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.eclipse.che.core</groupId>
<artifactId>che-core-gwt-maven-plugin</artifactId>
<version>${project.version}</version>
<executions>
<execution>
<goals>
<goal>process-excludes</goal>
</goals>
</execution>
</executions>
</plugin>
</plugins>
</build>
Note that che-core-gwt-maven-plugin have to be added in order to correctly process the IDE plugins exclusions.